Internet Activity Log for tracking Obsidian and Community Plugin activity

ViaAhmed · 2021-02-06T07:45:27.940Z

Use case or problem:

I feel Obsidian is often incomplete without community plugins. And Developers can’t leave the security issue regarding them simply on users. (I am talking about the safemode thing) So there should be some tracker built in Obsidian which allows users to track internet activity of various components be it Community plugins or Core updater or Core plugins. I don’t doubt the developers, but I would welcome stats of core activity so that user may crosscheck with their third party net log software, just to tally.

Proposed solution:

So, I propose that there be a in-tamper-able activity log, which records every internet activity which Obsidian and the plugins do.
for example Record these data points:

Which component connected to internet?
At what time?
what amount of data it downloaded and uploaded?
if possible, what nature of data it downloaded or uploaded?

note: component means the core updater or plugin etc

Current workaround (optional)

none

Related feature requests (optional)

none

DandyLyons · 2021-02-06T08:15:37.040Z

This is a great first step towards security. Security is not only a matter of trusting developers. It’s also a matter of closing vulnerabilities. Even if developers are ethical, bad actors can still exploit loopholes to wreak havoc.

I-d-as · 2021-02-06T13:06:04.399Z

True.

Also, it could be helpful to have an optional system to submit these logs to be analyzed by someone or something that can understand the nitty gritty because there is a chance that it would act differently on different systems.

I really like the idea of logs for our Obsidian sessions in an of themselves for keeping track of vault action.

Thanks.

ryanjamurphy · 2021-02-06T15:40:07.025Z

~~I don’t know how feasible this is.~~ D’oh, forgot about Chromium’s devtools—this is already built in! See below.

Otherwise, please see the developer’s discussions on plugin security here:

Security of the plugins Developers & API

Here’s a technical analysis on why that’s not feasible: Plugins should be able to execute Javascript code in the main execution context. While it is possible to attempt to sandbox the plugin script, it’s mostly pointless because there are probably a thousand Javascript context escape possibilities, and we can’t plug them one by one. Because plugins must be able to execute code, there will be APIs available that we will be unable to restrict access to specific functionality like networking. An …

WhiteNoise · 2021-02-06T15:52:12.101Z

You can use the network tab in the developer tools (ctrl-shift-i) (cmd-shift-i)

ViaAhmed · 2021-02-11T08:52:13.935Z

It is difficult to track regularly, Monitoring needs automation, Logs automatically save data for later review.

ViaAhmed · 2021-02-11T08:58:07.957Z

It is complicated to understand the Network Tab even if you have some computer knowledge.